CISSP certification: Rules, laws and regulations (OECD).

Legal and regulatory issues.

Organisation for Economic Co-operation and Development (OECD) Privacy Guidelines (International):

  • Currently 38 member nations from around the world, including the U.S. (the membership has grown over time; older CISSP material often cites 30)
  • OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, issued in 1980 and revised in 2013; the eight principles below are unchanged in the 2013 revision
  • Eight driving principles:
    • Collection Limitation Principle: Collection of personal data should be limited, obtained by lawful and fair means, and with the knowledge of the subject.
    • Data Quality Principle: Personal data should be relevant to the purposes for which it is used and, to the extent those purposes require, accurate, complete, and kept up to date.
    • Purpose Specification Principle: Subjects should be notified of the reason for the collection of their personal information at the time that it is collected, and organizations should only use it for that stated purpose.
    • Use Limitation Principle: Only with the consent of the subject or by the authority of law should personal data be disclosed, made available, or used for purposes other than those previously stated.
    • Security Safeguards Principle: Reasonable safeguards should be put in place to protect personal data against risks such as loss, unauthorized access, modification, and disclosure.
    • Openness Principle: Developments, practices, and policies regarding personal data should be openly communicated. In addition, subjects should be able to easily establish the existence and nature of personal data, its use, and the identity and usual residence of the organization in possession of that data.
    • Individual Participation Principle: Subjects should be able to confirm whether an organization holds their personal data, to obtain that data within a reasonable time and in an intelligible form, to be given reasons if such a request is denied and to challenge the denial, and to challenge the data itself and have it erased, corrected, completed, or amended.
    • Accountability Principle: Organizations should be accountable for complying with measures that support the previous principles.

Thor Pedersen

IT, information security, and project management trainer. Best-selling CISSP, CISM, and PMP instructor on Udemy. CISSP, CISM, C|EH, CDPSE, PMP, 2x CCNP, CompTIA Security+, SCP, 3x CCNA, et al.